After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 517591 - Null pointer crash in lotus_rldb_data()
Null pointer crash in lotus_rldb_data()
Status: RESOLVED FIXED
Product: Gnumeric
Classification: Applications
Component: import/export other
git master
Other All
: Normal critical
: ---
Assigned To: Morten Welinder
Jody Goldberg
Depends on:
Blocks:
 
 
Reported: 2008-02-20 02:34 UTC by sum1
Modified: 2008-02-20 14:11 UTC
See Also:
GNOME target: ---
GNOME version: ---

Attachments
fuzzed poker.wb2 (612.85 KB, application/x-quattropro)
2008-02-20 02:36 UTC, sum1 		Details

Description sum1 2008-02-20 02:34:11 UTC 
Version: r16388
OS: Ubuntu Gutsy

The upcoming sample is a fuzzed version of poker.wb2.  It looks like the Lotus importer is handling the file, which may be a bug in and of itself.

Steps to reproduce:
- Load the upcoming attachment in Gnumeric to trigger a crash

Backtrace:

Program received signal SIGSEGV, Segmentation fault.

+ Trace 189812

Thread NaN (LWP 15019)

  • #0 lotus_rldb_data
    at lotus.c line 1071
  • #1 lotus_read_new
    at lotus.c line 2179
  • #2 lotus_read
    at lotus.c line 2334
  • #3 lotus_file_open
    at boot.c line 83
  • #4 go_plugin_loader_module_func_file_open
    at go-plugin-loader-module.c line 239
  • #5 go_plugin_file_opener_open
    at go-plugin-service.c line 476
  • #6 go_file_opener_open
    at file.c line 294
  • #7 wb_view_new_from_input
    at workbook-view.c line 1212
  • #8 wb_view_new_from_uri
    at workbook-view.c line 1264
  • #9 main
    at main-application.c line 417 






Comment 1


sum1





          2008-02-20 02:36:27 UTC
        



Created attachment 105621 [details]
fuzzed poker.wb2






Comment 2


Morten Welinder





          2008-02-20 14:11:21 UTC
        



This problem has been fixed in our software repository. The fix will go into the next software release. Thank you for your bug report.


I am not worried over the "misdetection".  You are flipping random bits in
there, after all.